Preventing a Peregrine repeat for less than a dollar a dayAugust 16, 2012: 11:44 AM ET
Regulators, customers, shareholders, and boards need to push for the wider use of electronic confirmations as part of company audits.
FORTUNE -- Trustees are still scrambling to find the billions at MF Global and the millions at Peregrine that have gone missing from customer accounts.
In June, a report from the MF Global (MFGLQ) trustee stated that there are "claims for breach of fiduciary duty and negligence … that may be asserted against [MF Global CEO Jon Corzine]," though it looks like the prospect of criminal charges against Corzine may be dimming. But the wheels of justice are moving much more quickly for Peregrine CEO Russell Wasendorf. He will be arraigned on Friday resulting from an indictment by the Commodities Future Trading Commission earlier this week for allegedly falsifying records.
A confession purportedly written by Wasendorf explained how he had used forgeries of bank statements and a post office box he opened in 2006 to thwart regulators' and auditors' paper-based confirmations of customer accounts. As of the end of the year, the accounts held $215 million less than the forged bank statement showed.
So what pushed Wasendorf over the edge in 2012?
In the weeks leading up to his attempted suicide, the National Futures Association began to forcefully urge Wasendorf to allow electronic confirmations of Peregrine's bank holdings, according to Brian Fox, founder of Confirmation.com, a firm that appears to be practically the only game in town for this type of service. "When he finally agreed to our electronic confirmation process," he knew the gig was up, Fox says.
In contrast to a paper-based process, electronic confirmations use additional security mechanisms to ensure that whoever confirms an account balance during an audit has the appropriate credentials to do so. According to Fordham accounting professor Barbara Porco, who has worked on a research project with Confirmation.com, "A fraudster may be able to create false verification; however, the electronic process makes it more challenging."
The Peregrine case is just the latest larger-than-life, long-running fraud that could have been prevented if electronic confirmations were used. The debacle at Olympus is another example. Despite a recent uptick in interest in this service, however, more regulators, customers, shareholders, and audit committees need to push for the use of electronic confirmations as a second check on company audits.
What's the hold up?
Yet the Public Company Accounting Oversight Board (PCAOB), which oversees audit firms, hasn't been pushing for the use of electronic confirmations. Two years ago, the PCAOB requested comments on new rules to address weaknesses in confirmation practices and require audit firms to ensure that electronic confirmations are effective. But the PCAOB has not updated the confirmation rules and, as proposed, the current rules do not recommend an electronic reassurance.
The PCAOB recently published suggested quality control questions audit committees could ask auditors, but electronic confirmations were not mentioned. This week, the PCAOB published standards for how audit firms should communicate with the audit committees that hire them. Again, the standards do not discuss audit confirmations.
Bank of America (BAC) is one of "25 banks that require that all their confirmations go through Confirmation.com" and "hundreds of banks of all sizes use the service," Fox wrote me in an email. In all, 10,000 organizations (including regulators, audit firms, and internal audit departments inside companies) are currently using Confirmation.com, Fox says. But not every single auditor at an audit firm uses the service. At the largest audit firms, for example, some partners may use the service and others not. Just as regulators haven't taken a stand to insist on additional electronic confirmation, many large audit firms don't seem to have firm-wide policies on the matter either. KPMG, PwC, Deloitte, and Ernst & Young did not respond or declined to provide comment for this article.
The Center for Audit Quality (CAQ), whose governing board is made up of audit firms and academics, doesn't seem to have taken a position either. Following the Olympus scandal, and again more recently, CAQ spokesperson Jake Leon declined to comment on the matter, telling me electronic confirmations were not among the issues the CAQ gets involved with.
The lack of support doesn't seem to be a cost issue. Scott Univer, general counsel of accounting firm WeiserMazars, whose firm uses the electronic confirm service, says the process is cost efficient. All accounts at a given bank can be confirmed for any given date for between $23 and $115, Confirmation.com's Fox says. If an audit is performed more than once a year, the fees are even lower.
Auditors may be hesitant to use an outside service like Confirmation.com because they view it as a replacement to their own work rather than an additional verification. Another reason auditors and audit firms may be reluctant to introduce electronic confirmations to companies could be driven by the fear that previously undetected, long-standing frauds might come to the surface, making them appear negligent. Requiring corporate audit committees to choose different auditors periodically could reduce this sort of fear.
The PCAOB is currently reviewing the idea of so-called mandatory audit firm rotation. But at a June PCAOB meeting, Harold Williams, former SEC Chair, outlined the dilemma the PCAOB faces referring to "the international oligopoly" of Big 4 accounting firms. "Auditing is a profession run as a business," Williams said. As a business, oligopolies generally, recognizing their very comfortable and secure strengths, are not inclined to rock the boat in relation to each other."
Because Confirmation.com is not run by one of the Big 4 accounting firms, it has the advantage of providing an independent verification. Although the electronic confirmation service is sold primarily to audit firms, it is also sold to some companies' internal auditors. Selling the service to audit committees would also make sense. But doing so could alienate the audit firms who closely guard their audit committee relationship.
Besides the trepidation about what's hidden under the rug, are there any real dangers of the new technology worth considering? As with any technology, hacking is one serious danger cited by Richard Chambers, president of the Institute of Internal Auditors.
Another is the lack of formal oversight of Confirmation.com. Although the PCAOB would not comment on electronic confirmations for this article, a spokesperson was quick to say they do not have jurisdiction over firms that provide electronic confirmation services. Unfortunately, this is an all too common response from lawmakers and regulators who wait too long to figure out who should oversee new developments in the securities markets. This reaction is particularly concerning given the fact that banks are beginning to mandate the use of electronic confirmations (to the exclusion of paper-based approaches) and the possibility that following the Peregrine publicity, it will become even more difficult for Confirmation.com's independent competitors to give the company a run for its money.
For his part, Fox says his business partners and customers review and monitor his firm's processes. But with some audit firms replacing rather than augmenting traditional confirmations with the service, this informal approach is inadequate. Regulators should move toward some kind of certification system for electronic confirmation providers and encourage additional non-audit firm affiliated providers to enter the marketplace.
It doesn't seem to be a stretch to think that investors and customers should be entitled to know whether companies are using electronic confirmations. Every year, shareholders review audit committees' proxy statements to cast their votes in director elections and weigh in on auditor selections. Well run audit committees should be moving to put the additional safeguard in place and touting these practices in their proxies. Fiduciaries who invest other people's money should not invest in companies unwilling to disclose and implement this measure. After the last nine months of big blow-ups, refusing to use an inexpensive means of double-checking should be a red flag to all.
Eleanor Bloxham is CEO of The Value Alliance and Corporate Governance Alliance (http://thevaluealliance.com), a board advisory firm.